One: I am using MS IAS (RADIUS) to authenticate VPN users. However, I am not able to get it to work when I check the message authenticator box in IAS. I have made sure the key is correct in IAS and the ASA. It works fine if I do not check this box, but I would like to be able to run with the security of having that key. I am running 8.04-23 on the ASA, and Server 2003 SP2 on the IAS side.
Also, for local users on the ASA, what is the difference between the memberof attribute vs the vpn-group-policy?
The checkbox in IAS is for an additional level of security, authenticating the connection from the ASA to RADIUS based on the preshared key as well as IP address. For the memberof thing, thanks for clearing that up. I am curious if the memberof can also impact VPN or is it just for other purposes only?
Got you. Well, I have been looking in the command reference and have not found any command under the aaa-server mode, nor a global RADIUS command, that will perform the MD5 hash that the feature expects; therefore I assume it is not supported. You might want to get clarification from TAC as to whether this is true or not. As for the memberOf values, these are only for administration of the ASA and are not like the ones LDAP sends back.
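What a RADIUS server checks when it requires the Message-Authenticator attribute, as an added example that is not part of the thread and is not Cisco or Microsoft code: per RFC 2869 section 5.14, attribute 80 carries an HMAC-MD5 over the whole Access-Request, keyed with the shared secret and computed with the attribute's value zeroed. The packet builder, secret and attribute values are constructed for illustration.

```python
import hashlib
import hmac
import struct

MSG_AUTH_TYPE = 80  # Message-Authenticator (RFC 2869 section 5.14)

def find_message_authenticator(packet: bytes):
    """Return the offset of the 16-byte attribute value, or None if absent."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20  # attributes start after code, id, length, 16-byte authenticator
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        if atype == MSG_AUTH_TYPE:
            if alen != 18:
                raise ValueError("Message-Authenticator must be 18 octets")
            return pos + 2
        pos += alen
    if pos != length:
        raise ValueError("trailing bytes after last attribute")
    return None

def verify_access_request(packet: bytes, secret: bytes, require: bool = True) -> bool:
    """require=True models a server that insists on the attribute being present."""
    off = find_message_authenticator(packet)
    if off is None:
        return not require
    length = struct.unpack("!H", packet[2:4])[0]
    zeroed = packet[:off] + b"\x00" * 16 + packet[off + 16:length]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, packet[off:off + 16])

def build_access_request(ident, req_auth, attrs, secret, sign=True):
    """Constructed sample client: builds an Access-Request (code 1)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    if sign:
        body += bytes([MSG_AUTH_TYPE, 18]) + b"\x00" * 16
    pkt = struct.pack("!BBH", 1, ident, 20 + len(body)) + req_auth + body
    if sign:  # the zeroed value is the last 16 bytes; replace it with the HMAC
        pkt = pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt
```

A request from a client that never adds attribute 80 fails the `require=True` check even when the shared secret matches on both sides, which is consistent with the behaviour described in the thread.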